A friend’s gmail password was either cracked or stolen somehow and his account started sending out mass messages to his contacts. The message contains the following:
Hey friend,
How are you doing recently? I’d like to introduce you a very good foreign trading online company and the website is www.ui-mall.com
It can offer you so many kinds of electronic products which you may be in need,such as laptops, gps, TV, cell phones, ps, MP3/4, motorcycles even several kinds of musical instruments and etc..
You can take some time to have a check ,there must be something you are interested in and you ‘d like to purchase .
The contacts:
MSN: uimall@hotmail.com
Email: uimall@188.com
Hoping you can enjoy your shopping from that company !
Regards
I googled this and couldn’t find any other posts about it. Looking at the headers, it appears these messages aren’t just spoofing the “from:” header, but are actually being sent through Gmail. The script is also replying blindly to any messages I send to him with the same body copy.
If anyone else sees this happening please post a comment!
Update: This thread suggests checking your Gmail vacation responder settings and clearing out any text that may be hidden there.
Update 2: If you need help with changing your password, visit “My account has been compromised” in the Gmail help center.
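The header check described above (spoofed "from:" versus mail that really went through the provider, and whether it was an automatic reply) can be scripted. The following is an added example, not part of the original post: the function names, the `example.com` addresses and the `mx.recipient.example` server name are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
def auth_results(msg, trusted_authserv):
    """Parse Authentication-Results headers stamped by our own receiving
    server; headers carrying any other authserv-id may be forged and are skipped."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", "", value)  # drop parenthesised comments
        parts = [p.strip() for p in value.split(";")]
        if not parts[0] or parts[0].split()[0].lower() != trusted_authserv.lower():
            continue
        for res in parts[1:]:
            tokens = res.split()
            if tokens and "=" in tokens[0]:
                method, result = tokens[0].lower().split("=", 1)
                props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
                out.setdefault(method, (result, props))
    return out

def triage(raw, trusted_authserv):
    """Classify a raw message: forged From, sent by the account, or auto-reply."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = auth_results(msg, trusted_authserv)
    dkim, dkim_p = auth.get("dkim", ("none", {}))
    spf, spf_p = auth.get("spf", ("none", {}))
    dkim_ok = dkim == "pass" and dkim_p.get("header.d", "").lower() == from_domain
    spf_dom = spf_p.get("smtp.mailfrom", "").lower().rpartition("@")[2]
    spf_ok = spf == "pass" and spf_dom == from_domain
    if not from_domain or not (dkim_ok or spf_ok):
        return "from-not-authenticated"    # consistent with a spoofed From:
    # RFC 3834 marks automatic replies; X-Autoreply is a non-standard convention.
    auto = msg.get("Auto-Submitted", "no").strip().lower()
    if auto != "no" or msg.get("X-Autoreply"):
        return "provider-sent-auto-reply"  # check the vacation responder
    return "provider-sent"                 # check Sent folder, change password

def sample(auth_line, extra=""):
    """Build a constructed test message (not a real capture)."""
    return (f"Authentication-Results: {auth_line}\n"
            "From: Friend <friend@example.com>\nTo: me@recipient.example\n"
            f"Subject: Re: lunch?\n{extra}\nHey friend, ...\n")

GOOD = "mx.recipient.example; spf=pass smtp.mailfrom=friend@example.com; dkim=pass header.d=example.com"
if __name__ == "__main__":
    print(triage(sample(GOOD, "Auto-Submitted: auto-replied\n"), "mx.recipient.example"))
    print(triage(sample(GOOD), "mx.recipient.example"))
```

A "provider-sent" verdict only shows the message left the provider's own servers for that domain; it does not show who was logged in when it was sent.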



Just got the same message from my friend-of-friend…
Yikes. Did Gmail get hacked?
And does anyone know if that site is legit? It’s coming from Beijing, so by *legit* I mean ‘actually receive the products’ and are they actually ‘real’? (or just knock-offs)
By StayClassyChicago on Nov 13, 2008
Grrr… same thing happened to me. I changed my password and it looks like it stopped.
By MichaelMinneapolis on Nov 14, 2008
+1 happening to me. I changed password and it is still happening! Now what?
By Hacked in Virginia on Nov 14, 2008
ok, it is the vacation responder.
By Hacked in Virginia on Nov 14, 2008
I changed my password but it still happens!
How do I stop it!!!
I am using Thunderbird.
thanks!
Paul
By Paul on Nov 14, 2008
Ok, got it.
I use a pop-mail client so didn’t get the vacation responder hint given earlier.
Obvious now–login to my actual gmail account and go to my gmail settings and lo and behold they have hacked the vacation responder, setting it to on and the message there.
I turned it off, cleaned out the message to be safe, this seemed to turn it back on, so I turned it off again (!) and then saved the page AND changed my password. Sorry if this seems a bit obvious to you, but to me it wasn’t.
By Paul on Nov 14, 2008
I just opened gmail to check my emails and saw that I got lots of delivery status notifications (failure) from email addresses that I did not write to. I checked it out and apparently I sent an email 3 hours ago with that body message (Hey friend….). As I realized this was not spoofing I immediately changed my password and checked my settings. In the settings the vacation message had been turned on and changed to send out the spam-message. I really hope I am home safe now with changing pwd and turning vacation message off.
I’ll check this thread on a regular basis to learn more.
Regards
By Britta on Nov 15, 2008
The same thing just happened to me today. I definitely have the original sent e-mail in my ‘Sent’ folder, so it originated from my account. I changed my password and security questions, and completely cleared out my contacts list. The spam was sent only to contacts in my Gmail web account, NOT the ones I’ve used since starting to use Mail on Mac OS (thank goodness). So it’s definitely coming only from the Gmail level.
By Lia on Nov 16, 2008
FYI. I just checked my hotmail account and this happened to me too. This is not just a GMail problem. The exact message was sent and there were two emails in my sent folder. I changed my pwd and checked my vaca msg. Here’s hoping it worked.
By Sean on Nov 17, 2008
There are three things you need to do to ensure that it doesn’t happen again.
1) go to your gmail account settings and choose ‘use https’ for all transactions.
2) Change your password and never use the same one again (I made that mistake the first time I was hacked)
3) Clear out your vacation responder and set it to ‘off’.
I *hate* spammers.
Hal
By Hal on Nov 17, 2008
It happened to me too and sent e-mails to customers, exes, people I didn’t even want to know I existed anymore!! What an invasion of privacy!! B@st@rds!!
By Angela on Nov 17, 2008
Got me too. I changed password and turned off the auto responder. Gmail account.
By Matt on Nov 17, 2008
Anyone have any idea how these folks might be lifting your passwords? Do you think they were simply guessed using trial and error (did your password have letters and numbers?), or lifted through phishing (logging into a site pretending to be gmail?).
By Scott Meves on Nov 17, 2008
Got me too! I consider myself to be very careful about my browsing. Is this a bug related to a google lab feature? I’ve felt a little careless recently enabling google products without much checking.
This sucks, so many spam emails sent out to ex girlfriends, work people, etc. DAMN!
By Ben on Nov 17, 2008
I don’t actually think they are stealing your passwords. They are even using email sent to me to get my email address, then they are spoofing it. I didn’t have any “sent” mail for this email. I got it coming and going. I got the return to senders and I also got a spam with a header from an email I received earlier and was expecting to receive. They stole the header on the way in to my email box. It’s as if they are monitoring email traffic.
By Sooner on Nov 17, 2008
@Sooner: But that doesn’t explain how the message gets put into people’s vacation auto-response…
By Scott Meves on Nov 17, 2008
If it makes anyone feel better (or worse), this is happening on Hotmail accounts, as well. The message is definitely in the Sent folder, but it’s not showing up in the Vacation Responder. Changed the password, marked the Sent messages as “Unsafe” and reported to Hotmail and now crossing my fingers. And I don’t even use Hotmail for online transactions….
By Pete on Nov 23, 2008
I’m using the Windows Live Mail client for my e-mails and it’s doing it over here too. It’s sending the same message to everyone in my contact lists. I’m sure hanging out in these social websites caused it. I’m sure of it. Now going about removing this hack is going to be a mission. I’ll keep on searching for a possible solution.
By Tropikal on Nov 26, 2008
Had it happen to me on gmail today. My vacation responder was not set, the email is in my Sent folder for sure. In the meantime I guess I’ll change my password.
By Jeff Brandt on Nov 26, 2008
Hey, Just had it happen to me, spammed my contact list, I’m with hotmail, so changed my password, reported it as phishing or something, and looked for vacation text, but nothing there… hoping for the best now…
By Johann on Nov 30, 2008
Thank you for the heads up!
By Jon Williams on Dec 1, 2008
Since I moved to http://www.corlive.com I get no spam - I really recommend this service.
By bill on Dec 9, 2008
So I’ve been hit too. This is the third “round of emails” sent to folks on my email list. My intention is to spend the rest of my life hunting down virus creators, spammers, et al and eliminate them from the planet. Looking for a few good men and women who feel the same way.
I sent a notice to http://www.ui-mall.com and asked them to quit but obviously that didn’t work either. I’ll change the password, but if they have captured the email list not sure I can stop this without changing my ID.
By Ted Thibault on Dec 17, 2008
Just happened to me as well - ironically I was using Google Chrome. Would that be an application trying to mimic human behaviour?
I just turned the “Mail Goggles” feature in the “Google Labs” on, so as to make sure that it must be a human to send out emails from GMail. Don’t know if it helps though
By Frankie on Dec 27, 2008
Sorry to disappoint a lot of you’s but this isn’t a problem held directly to gmail… I just received this same email from a friend using hotmail….
By anynymous on Mar 23, 2009